Many devices include biometrics-based user authentication in addition to secret-based authentication. While secret-based authentication involves a precise match with the known secret, biometrics-based authentication involves fuzzy matching that verifies that the input is similar to known biometrics within an acceptable threshold level of difference. As a result, biometrics-based authentication techniques are susceptible to attacks in which a malicious actor attempts to authenticate as the user via biometrics data that is crafted carefully to be similar to the stored biometrics within the threshold.
The techniques of this disclosure guard against such attacks by use of a generative adversarial network (GAN) where random perturbation is added to the received biometrics input for a dynamically determined number of test iterations. The matching threshold value and the number of test iterations can be dynamically determined. If the authentication test during each of the iterations is passed by the perturbed biometrics input, the user providing the biometrics input is authenticated. Otherwise, the device falls back to secret-based authentication.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Wadhwa, Tanmay and Dhillon, Neil, "Defending against attacks on biometrics-based authentication", Technical Disclosure Commons, (June 08, 2018)